CVE-2018-1107

It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
is-my-json-valid_projectis-my-json-valid
𝑥
< 1.4.1
is-my-json-valid_projectis-my-json-valid
2.0.0 ≤
𝑥
< 2.17.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1546357
https://snyk.io/vuln/npm:is-my-json-valid:20180214
https://bugzilla.redhat.com/show_bug.cgi?id=1546357
https://snyk.io/vuln/npm:is-my-json-valid:20180214